From 4f7d69e1856a611025f53eef273e5af039d9aa16 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Tue, 19 Mar 2013 12:49:55 +0400
Subject: detect whether browser supports iframe.sandbox and allow iframes
 accordingly; allow object and embed elements

---
 include/functions.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'include/functions.php')

diff --git a/include/functions.php b/include/functions.php
index 0e5d15eaf..50bdc13ae 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -2626,7 +2626,9 @@
 
 		$allowed_elements = array('p', 'br', 'div', 'table', 'tr', 'td', 'th',
 			'ul', 'ol', 'li', 'blockquote', 'span', 'html', 'body', 'a', 'img',
-			'iframe', 'video', 'audio', 'source');
+			'video', 'audio', 'source', 'object', 'embed');
+
+		if ($_SESSION['hasSandbox']) array_push($allowed_elements, 'iframe');
 
 		$disallowed_attributes = array('id', 'style', 'class');
 
-- 
cgit v1.2.3